Yunlv Lv and Rui Zhang, Institute of Information Engineering, Chinese Academy of Sciences; State Key Laboratory of Cyberspace Security Defense; School of Cyber Security, University of Chinese Academy of Sciences; Zhiyuan Zhang, Max Planck Institute for Security and Privacy; Ziyi Wan, Institute of Information Engineering, Chinese Academy of Sciences; State Key Laboratory of Cyberspace Security Defense; School of Cyber Security, University of Chinese Academy of Sciences; Lanxue Zhang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Minhui Xue, CSIRO's Data61 and Responsible AI Research (RAIR) Centre, Adelaide University; Jiangtao Li, East China Normal University; Yanan Cao, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences
The meteoric rise of Large Language Models (LLMs) has sparked an urgent need for privacy-preserving inference. However, existing maliciously secure multi-party computation (MPC) frameworks face a "performance collapse" when scaling to large models, primarily due to the quadratic (O(n2)) communication overhead of nonlinear operators and expensive share conversions. This paper presents SMASH, a highly scalable, maliciously secure hybrid MPC framework that shatters these bottlenecks. SMASH introduces a novel DFT-based rotation technique and a lightweight zero-knowledge proof of knowledge (ZKPoK) construction to evaluate nonlinear operations. For the first time, this approach achieves linear communication complexity (O(n)) relative to the party count, independent of function complexity. Furthermore, SMASH provides a suite of high-efficiency conversion protocols (A2L/L2A and SM-LUT-based A2B/B2A) that bridge arithmetic and Boolean domains without relying on costly cryptographic primitives. Extensive benchmarks demonstrate that SMASH outperforms state-of-the-art frameworks (e.g., MP-SPDZ, MD-ML) by up to 18.9× in runtime and achieves a communication reduction of up to 103×. With its constant-round online phase and low WAN sensitivity, SMASH paves the way for secure, geographically distributed LLM deployments, achieving an unprecedented balance between adversarial robustness and practical efficiency.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
